Malware

New EdgeStepper implant leveraged in PlushDaemon supply chain compromise Attacks with the new EdgeStepper implant have been deployed by the China-linked threat group PlushDaemon to facilitate software update traffic takeovers as part of a cyberespionage operation, according to BleepingComputer.

Trojanized installers of widely known software have been leveraged to spread a JavaScript backdoor and achieve persistence as part of the ongoing global malvertising campaign TamperedChef, reports The Hacker News.

Threat actors have exploited the ClickFix social engineering technique to distribute the Amatera Stealer and NetSupport RAT payloads as part of the new EVALUSION campaign, reports The Hacker News.

Attacks with the multi-stage RONINGLOADER payload have been launched by the advanced persistent threat operation Dragon Breath to facilitate updated Gh0st RAT malware deployment as part of a campaign mostly aimed at Chinese speakers, The Hacker News reports.

Attackers advanced to a more evasive infection chain between two waves of attacks.

GBHackers News reports that North Korean state-sponsored threat actors have been leveraging JSON storage services to distribute malware as part of the Contagious Interview campaign, which has been underway since 2023.

The deceptive extension, formerly available for download on the Chrome Web Store, was designed to encode seed phrases into synthetic Sui-style addresses hidden in blockchain transactions.